TYPO3 Core

Test / Replication

1. Add a TYPO3 page of type shortcut
2. Call the page in the frontend with the additional parameter type
   • best effect can be seen if the value of the parameter is a domain
     

     http://www.domain.tld/index.php?type=www.typo3.org
     

3. See the browser redirect

Cause
The responsible function is checkPageForShortcutRedirect() located in typo3_src/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php:3152.

So whats happening behind the scenes:

1. The function reads the unique id of the current page (i.e. $parameter = 1)
   

   $parameter = $this->page['uid'];
   

2. It reads the value of the GET-Parameter type (i.e. $type=www.typo3.org)
   

   $type = GeneralUtility::_GET('type');
   

3. The value of thd parameter is concatenated with the value of the type (results in $parameter = 1,www.typo3.org)
   

   if ($type) {
       $parameter .= ',' . $type;
   }
   

4. TYPO3 builds a link with the given parameter (results in $redirectUrl = http://1,www.typo3.org)
   

   $redirectUrl = $cObj->typoLink_URL(array('parameter' => $parameter));
   

5. Finally TYPO3 redirects to the url http://1,www.typo3.org)
   

   HttpUtility::redirect($redirectUrl, HttpUtility::HTTP_STATUS_307);
   

What's next

In my opinion there are two possible fixes for that:

1. add an intval() (as TSref says typeNum should be of type integer)
   • if, then maybe already at an earlier point typo3/sysext/cms/tslib/index_ts.php:76
     

     intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('type'))
     

2. don't concatenate parameter and type if it is not an integer